Klez Worm Attack

NSK8700 · **Joined:** Sun Apr 05, 2009 6:47 pm **Posts:** 43

For the past 2 days I seem to have been infected/attacked by the W32 Klez-H Virus/ worm., which disables me to access my eMail web clients, esp. http://www.gmail.com (gets redirected). The History list shows my http://www.gmail.com page access with the following within quotes:

" Gmail.com | W32 Klez-H | Gmail Registration | Klez-Worm | Linux Email Server- "

What is the solution/ procedure to clean this up ? What is the typical behavior of this Virus attack/ worm.

null_bit · **Posted:** Mon Jul 19, 2010 12:50 am

Change your password,security question,secondary email-id and all the account details as soon as possible.
https://www.google.com/accounts/EditPasswd?hl=en-US

Immediately change your password and security question ( also change your secondary id and mobile number if they too got changed. ) :
https://www.google.com/accounts/ManageAccount
then clear your browser's cookie and cache.

If your account has been compromised/hacked/stolen you will need to check at least all of the following things:
Account Security:
Settings -> Accounts and Import -> Google Account Settings -> Change Password [pick a new secure password]
Settings -> Accounts and Import -> Google Account Settings -> Change Password Recovery Options [verify secret question, SMS and secondary e-mail address]
Potential Spam:
Settings -> General -> Signature [make sure nothing as been added]
Settings -> General -> Vacation Responder [make sure it's disabled and empty]
E-mail Theft
Settings -> Accounts and Import -> Send Mail As [make sure it is using your correct e-mail address]
Settings -> Filters [no filters that forward or delete e-mail]
Settings -> Forwarding and POP/IMAP -> Forwarding [disabled or correct address]
Settings -> Forwarding and POP/IMAP -> POP Download [disabled]
Settings -> Forwarding and POP/IMAP -> IMAP Access [disabled]

null_bit · **Posted:** Mon Jul 19, 2010 12:51 am

n Gmail you have the option to check what is the IP from where the account is being accessed.
At the bottom of the Inbox page ...
E.g

You are currently using x70MB (1x%) of your xxxx MB.
Last account activity: 1 hour ago at this IP (xxx.xxx.xxx.xxx). Details

Where xxx are values for storage amount and IP address.
Click on Details

A new popup window will come up ..

Activity on this account
This feature provides information about the last activity on this mail account and any concurrent activity. Learn more

This account does not seem to be open in any other location.
If you see that the account is logged in from somewhere else .. logout
(this could be a genuine case if you also login via mobile.. blackberry etc)

Recent activity:
Access Type [ ? ]
(Browser, mobile, POP3, etc.) IP address [ ? ] Date/Time
(Displayed in your time zone)
Browser * xxx.xxx.xxx.xxx 01:48 (0 minutes ago)
Browser xxx.xxx.xxx.xxx 00:30 (1 hour ago)
Browser xxx.xxx.xxx.xxx 00:15 (1.5 hours ago)
Browser xxx.xxx.xxx.xxx 23:57 (1.5 hours ago)
Browser xxx.xxx.xxx.xxx 23:45 (2 hours ago)
* indicates activity from the current session.
This computer is using IP address xxx.xxx.xxx.xxx

Klez Worm Attack

Who is online